Sick hospitals

So maybe I was a little harsh in singling out the Waikato District Health in an earlier post about a Conficker outbreak, as it seems a couple of hospitals of the NHS (National Health System) in the UK have since suffered the same problem, as have Manchester Police.

As much as security pros may preach the message to end users about opening attachments from unknown senders or downloading software from dodgy sites, can it be that we haven't been focusing enough on ensuring the IT admins have heard the security message? There may be other circumstances, such as the usual under-resourcing (do more with less!) or management negligence, but surely patching and AV are the very basics that every admin understands?

Even if the worm was introduced via USB, which seems to be the case, other simple precautions such as disabling autorun can greatly limit your exposure. Going further, limiting the use of USB storage (both who has access and what type of drives can be used) provides further protection.
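As an added example (not from the original post), here is one way an admin could audit these two precautions across a fleet from collected `reg query` output. It assumes the standard `NoDriveTypeAutoRun` policy value and the `USBSTOR` driver `Start` value; the host names and sample output are constructed, and disabling `USBSTOR` outright is the bluntest form of limiting USB storage.

```python
import re

EXPLORER = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
USBSTOR = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR"
# NoDriveTypeAutoRun is a bitmask: a SET bit turns AutoRun OFF for that drive type.
DRIVE_BITS = {0x01: "unknown", 0x04: "removable", 0x08: "fixed",
              0x10: "network", 0x20: "cdrom", 0x40: "ramdisk", 0x80: "reserved"}
VALUE_RE = re.compile(r"^\s+(\S+)\s+REG_DWORD\s+(0x[0-9a-fA-F]+)\s*$")

def parse_reg_query(text):
    """Return {(key, value_name): int} for REG_DWORD lines in `reg query` output."""
    values, key = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        else:
            m = VALUE_RE.match(line)
            if m and key:
                values[(key, m.group(1))] = int(m.group(2), 16)
    return values

def audit_host(text):
    """Return a list of findings; an empty list means both precautions are in place."""
    values = parse_reg_query(text)
    findings = []
    mask = values.get((EXPLORER, "NoDriveTypeAutoRun"))
    if mask is None:
        findings.append("NoDriveTypeAutoRun not set; OS default applies")
    else:
        enabled = [n for bit, n in DRIVE_BITS.items() if not mask & bit]
        if enabled:
            findings.append("AutoRun enabled for: " + ", ".join(enabled))
    # Start = 4 means the USB mass-storage driver is disabled.
    if values.get((USBSTOR, "Start")) != 4:
        findings.append("USB mass-storage driver (USBSTOR) not disabled")
    return findings

def sample(mask, start):
    """Build constructed `reg query` output for one host (sample data only)."""
    return (f"{EXPLORER}\n    NoDriveTypeAutoRun    REG_DWORD    {mask:#x}\n\n"
            f"{USBSTOR}\n    Start    REG_DWORD    {start:#x}\n")

# Constructed hosts: one with a permissive mask, one locked down.
HOSTS = {"WARD-PC01": sample(0x91, 3), "ADMIN-PC02": sample(0xFF, 4)}

if __name__ == "__main__":
    for host, output in HOSTS.items():
        print(host, audit_host(output) or "OK")
```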

If businesses (and government bodies) haven't taken the basic steps to protect themselves from the most highly publicized virus/worm of recent years, it doesn't bode well for protecting against threats that aren't as highly visible in the mainstream media.
